
CLAIMS 

1. A security system for controlling access to a web site from an external
network and an internal network, comprising:

a security module executing on a security system, the security module for
controlling access to web pages;

an external web server for servicing requests for web pages from the external
network;

a site firewall for receiving requests for web pages from the external network
and for forwarding legitimate requests for web pages to the external web server;

a security firewall for receiving security requests from the external web server
and for forwarding legitimate security requests to the security module, the security requests
relating to access of a web page; and

an internal web server for servicing requests for web pages from the internal
network and for forwarding the requests to the security module without passing the requests
through the security firewall;

whereby requests to access web pages that are received from the external
network and the internal network are authorized by the same security module.

2. The security system of claim 1 wherein a legitimate request for a web
page is an HTTP request.

3. The security system of claim 1 wherein a legitimate request for a web
page is an HTTPS request.

4. The security system of claim 1 wherein the external network is the
Internet.

5. The security system of claim 1 wherein the external and internal web
servers include a module for interfacing to the security module.

6. The security system of claim 1 wherein the external and internal web
servers implement the same web pages.

7. The security system of claim 1 wherein the security module provides
authentication services.

8. The security system of claim 1 wherein the security module provides
authorization services.

9. The security system of claim 1 wherein a legitimate security request is
received by the security firewall through a designated IP address and port number.

10. A method in a computer system for approving access to resources
provided by a server, the method comprising:

receiving requests to access resources, the requests being received from an
external network and an internal network;

requesting a security module to approve each request to access a resource
irrespective of whether the request was received from the external network or the internal
network;

when access to the resource is approved, granting access to the requested
resource

whereby requests to access resources received from either the external network
or the internal network are processed by the same security module.

11. The method of claim 10 wherein the requests received from the external
network are passed through a site firewall before being processed by the server and security
requests generated by the server are passed through a security firewall before being
processed by the security module.

12. The method of claim 11 wherein the requests received from the internal
network are not passed through a site firewall or security firewall.

13. The method of claim 12 wherein the requests received from the external
network and requests received from the internal network are processed by different servers.

14. The method of claim 13 wherein the servers are web servers.

15. The method of claim 10 wherein the server is a web server.

16. The method of claim 10 wherein the resources are web pages.

17. The method of claim 10 wherein the external network is the Internet.

18. The method of claim 10 wherein the security module provides
authentication services.

19. The method of claim 10 wherein the security module provides
authorization services.

20. A security system for controlling access to resources, comprising:

a security module for approving access to the resources;

a server for servicing requests for resources;

a site firewall for receiving requests for resources and for forwarding legitimate
requests for resources to the server; and

a security firewall for receiving security requests from the server and for
forwarding legitimate security requests to the security module, the security requests relating
to approving access to a resource.

21. The security system of claim 20 wherein the requests for resources are
received from the Internet.

22. The security system of claim 20 wherein a legitimate request for a
resource is an HTTP request.

23. The security system of claim 20 wherein a legitimate request for a
resource is an HTTPS request.

24. The security system of claim 20 wherein the requests are received from
an external network and wherein requests that are received from an internal network are
processed by a different server using the same security module, but without using the site
firewall or security firewall.

25. The security system of claim 20 wherein resources are web pages.

26. The security system of claim 20 wherein the security module provides
authentication services.

27. The security system of claim 20 wherein the security module provides
authorization services.

28. The security system of claim 20 wherein a legitimate security request is
received by the security firewall through a designated IP address and port number.

29. A method for configuring computer systems comprising:

connecting an external network to a site firewall, the site firewall for receiving
requests for web pages from the external network and for forwarding legitimate requests
through the site firewall;

connecting an external web server to the site firewall, the external web server
for servicing legitimate requests for web pages received from the external network;

connecting a security firewall to the external web server, the security firewall
for receiving security requests from the external web server and for forwarding legitimate
security requests;



connecting a security module to the security firewall, the security module for 
receiving legitimate security requests and for approving legitimate security requests; 

connecting an internal network to an internal web server, the internal web 
server for servicing requests for web pages received from the internal network; and 

connecting the security module to the internal web server for receiving security 
requests and for approving the security requests 

whereby requests to access web pages that are received from the external 
network and the internal network are approved by the same security module. 



30. The method of claim 29 wherein a legitimate request for a web page is 
an HTTP request. 



31. The method of claim 29 wherein a legitimate request for a web page is
an HTTPS request.



32. The method of claim 29 wherein the external network is the Internet. 



33. The method of claim 29 wherein the external and internal web servers 
include a module for interfacing to the security module. 

34. The method of claim 29 wherein the external and internal web servers 
implement the same web pages. 

35. The method of claim 29 wherein the security module provides 
authentication services. 

36. The method of claim 29 wherein the security module provides 
authorization services. 

37. The method of claim 29 wherein a legitimate security request is received 
by the security firewall through a designated IP address and port number. 